
Tuesday, November 29, 2011

Update - posted a list of the dropped files for each sample and the C&C info from the pcaps at the end of the post, for review and easy Googling.


As a follow-up to the post about the Cuckoo sandbox, below are the sandbox results and samples for 30 recent PDF files (APT type). I excluded the payload/dropped files because the 'files' folder holds a large number of benign files alongside the payload. Perhaps seeing the output will help you decide whether or not to deploy the sandbox.
If you need to see the payload 'files' folders, see the previous post for an example or contact me. According to the author, filtering of the file dumps will be added soon.
What you will see in the package:
Original analysis folder (excluding "Files" - the dropped files)

Analysis.config - contains the name of the analysed file.

Analysis.log + report.txt - log of all API calls and created files

Dump.pcap file

logs folder - in CSV format

shots folder - screenshots taken

Original file itself

Additional files

List of hashes of all files

All pcap files converted to text

Filtered logs showing dropped files.
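To turn a raw Cuckoo analysis folder into the last two items above (the filtered dropped-file list and the hash list), here is an added Python example; it is not Cuckoo's own code nor part of the original post. It assumes the Cuckoo 0.x-era CSV column layout described in the comments (timestamp, pid, process, category, API, status, return value, then one column per argument, with the access mask being the first hex argument after the path) and the hooked API names listed; the SAMPLE_LOG lines are constructed for the demonstration, not taken from the package. The security-relevant point is the access-mask check: a reader loading its own plug-ins opens hundreds of files read-only, and only writable opens, copies and moves point at a dropped payload.

```python
"""Post-process a Cuckoo analysis folder into a filtered dropped-file list
and a hash list. Added example, not Cuckoo's code; the CSV layout and the
API names below are assumptions to check against the deployed version."""
import csv
import hashlib
import io
import os
import re

# Assumed column layout of the per-process CSV files in the "logs" folder
# (Cuckoo 0.x era): timestamp, pid, process name, category, API name, status,
# return value, then one column per argument.
COL_API = 4
COL_ARGS = 7

# Opens are only interesting when the access mask allows writing (assumption:
# the mask is the first 0x... argument after the path in the logged row).
OPEN_APIS = {"NtCreateFile", "CreateFileA", "CreateFileW"}
# Copies/moves: the destination (last path argument) is the new file on disk.
COPY_APIS = {"CopyFileA", "CopyFileW", "CopyFileExW",
             "MoveFileA", "MoveFileW", "MoveFileExW"}
# GENERIC_WRITE | FILE_WRITE_DATA | FILE_APPEND_DATA
WRITE_MASK = 0x40000000 | 0x00000002 | 0x00000004

WIN_PATH = re.compile(r"^(\\\?\?\\)?[a-z]:\\", re.I)
NT_PREFIX = re.compile(r"^\\\?\?\\")


def _mask_after(args, idx):
    """First hex-looking argument after position idx, as an int (or None)."""
    for a in args[idx + 1:]:
        if a.lower().startswith("0x"):
            try:
                return int(a, 16)
            except ValueError:
                return None
    return None


def dropped_files(log_text):
    """Ordered, de-duplicated paths the sample wrote, copied or moved into place.

    Read-only opens (the reader loading its plug-ins, or the PDF itself) are
    skipped, so the result is the "filtered log" rather than every call.
    """
    seen, out = set(), []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) <= COL_ARGS:
            continue
        api = row[COL_API]
        args = [a.strip() for a in row[COL_ARGS:]]
        path_idx = [i for i, a in enumerate(args) if WIN_PATH.match(a)]
        if not path_idx:
            continue
        if api in OPEN_APIS:
            mask = _mask_after(args, path_idx[0])
            if mask is None or not mask & WRITE_MASK:
                continue
            path = args[path_idx[0]]
        elif api in COPY_APIS:
            path = args[path_idx[-1]]
        else:
            continue
        path = NT_PREFIX.sub("", path)  # \??\C:\... -> C:\...
        if path.lower() not in seen:
            seen.add(path.lower())
            out.append(path)
    return out


def hash_bytes(data):
    """MD5, SHA-1 and SHA-256 of a blob, as hex strings."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256")}


def hash_entries(entries):
    """[(name, bytes)] -> sorted [(name, md5, sha1, sha256)] for the hash list."""
    rows = []
    for name, data in entries:
        h = hash_bytes(data)
        rows.append((name, h["md5"], h["sha1"], h["sha256"]))
    return sorted(rows)


def hash_tree(root):
    """Hash every file below an analysis folder, paths relative to root."""
    entries = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                entries.append((os.path.relpath(full, root), fh.read()))
    return hash_entries(entries)


# Constructed log lines in the assumed layout (not from the real package):
# a read-only open of a Reader plug-in, a writable open of a file in %TEMP%,
# and a copy of that file into system32.
SAMPLE_LOG = r'''
"2011-11-29 10:01:02","1234","AcroRd32.exe","filesystem","CreateFileW","SUCCESS","0x00000234","C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\EScript.api","0x80000000","0x00000001"
"2011-11-29 10:01:05","1234","AcroRd32.exe","filesystem","NtCreateFile","SUCCESS","0x00000240","\??\C:\DOCUME~1\admin\LOCALS~1\Temp\a.exe","0xc0100080","0x00000003"
"2011-11-29 10:01:05","1234","AcroRd32.exe","filesystem","CopyFileA","SUCCESS","0x00000001","C:\DOCUME~1\admin\LOCALS~1\Temp\a.exe","C:\WINDOWS\system32\svchost32.exe"
'''

if __name__ == "__main__":
    for p in dropped_files(SAMPLE_LOG):
        print("dropped:", p)
    for row in hash_entries([("files/a.exe", b"MZ constructed stand-in")]):
        print("\t".join(row))
```

Run it against a real folder with `hash_tree("path/to/analysis")` and feed each CSV from the logs folder to `dropped_files`; if your Cuckoo version logs the access mask in a different column, or not at all, adjust `_mask_after` rather than dropping the check, because without it every DLL the reader loads shows up as a "dropped" file.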

List of included files and corresponding Cuckoo sandbox analysis results

Hi, I am doing a lot of malware analysis on my own, so I would love to have a look at these PDF files and the analysis reports also. It would be great if you shared the password; my mail is tomeye[at]freemail.gr
Thanassis

Hello, I'm doing some research on vulnerabilities and working on a small vaccine venture. I'm very interested in PDF files. Could you please send me the password? Thanks in advance! My email address: kyle_mustangss at hotmail.com

Malware samples are available for download by any responsible whitehat researcher. By downloading the samples, anyone waives all rights to claim punitive, incidental and consequential damages resulting from mishandling or self-infection.